COMSEC Manager

Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T395 additional Advise senior management (e.g., CIO) on risk levels and security posture.
• T396 additional Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
• T445 additional Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• T475 additional Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
• T578 additional Ensure security improvement actions are evaluated, validated, and implemented as required.
• T596 additional Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.
• T600 additional Evaluate cost benefit, economic, and risk analysis in decision making process.
• T824 additional Recognize a possible security violation and take appropriate action to report the incident, as required.
• T852 additional Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• K0025 knowledge core Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).
• K0037 knowledge core Knowledge of disaster recovery continuity of operations plans.
• K0055 knowledge core Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• K0061 knowledge core Knowledge of incident response and handling methodologies.
• K1141A knowledge core Knowledge of an organization's information classification program and procedures for information compromise.
• K0129 knowledge additional Knowledge of system life cycle management principles, including software security and usability.
• K0143 knowledge additional Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
• K0299 knowledge additional Knowledge of information security program management and project management principles and techniques.
• K0325 knowledge additional Knowledge of secure acquisitions (e.g., relevant Contracting Officer's Technical Representative [COTR] duties, secure procurement, supply chain risk management).
• K1004 knowledge additional Knowledge of critical information technology (IT) procurement requirements.
• K1040A knowledge additional Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
• S183 skill additional Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Other roles in this element